Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 07d94e48d96e6993cb6444e61913d16c20da6544^! / .
commit07d94e48d96e6993cb6444e61913d16c20da6544[log] [tgz]
authorWilly Tarreau <w@1wt.eu>Thu Sep 20 10:57:52 2018 +0200
committerWilly Tarreau <w@1wt.eu>Thu Sep 20 11:42:15 2018 +0200
tree5975b8d6aa0c9b2a7089e6daa55c19d37c661d0d
parent4ae4923c3e44f8bd62bc9bd226389f373ace695e [diff]
BUILD: ssl_sock: remove build warnings on potential null-derefs

When building with -Wnull-dereferences, gcc sees some cases where a
pointer is dereferenced after a check may set it to null. While all of
these are already guarded by either a preliminary test or the code's
construction (eg: listeners code being called only on listeners), it
cannot be blamed for not "seeing" this, so better use the unguarded
calls everywhere this happens, particularly after checks. This is a
step towards building with -Wextra.

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index d26ee78..0899418 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c

@@ -830,7 +830,7 @@
 	int ret = -1; /* error by default */
 
 	conn = SSL_get_ex_data(s, ssl_app_data_index);
-	ref  = objt_listener(conn->target)->bind_conf->keys_ref;
+	ref  = __objt_listener(conn->target)->bind_conf->keys_ref;
 	HA_RWLOCK_RDLOCK(TLSKEYS_REF_LOCK, &ref->lock);
 
 	keys = ref->tlskeys;
@@ -1452,7 +1452,7 @@
 			conn->xprt_st |= SSL_SOCK_CAEDEPTH_TO_ST(depth);
 		}
 
-		if (objt_listener(conn->target)->bind_conf->ca_ignerr & (1ULL << err)) {
+		if (__objt_listener(conn->target)->bind_conf->ca_ignerr & (1ULL << err)) {
 			ssl_sock_dump_errors(conn);
 			ERR_clear_error();
 			return 1;
@@ -1466,7 +1466,7 @@
 		conn->xprt_st |= SSL_SOCK_CRTERROR_TO_ST(err);
 
 	/* check if certificate error needs to be ignored */
-	if (objt_listener(conn->target)->bind_conf->crt_ignerr & (1ULL << err)) {
+	if (__objt_listener(conn->target)->bind_conf->crt_ignerr & (1ULL << err)) {
 		ssl_sock_dump_errors(conn);
 		ERR_clear_error();
 		return 1;
@@ -1807,7 +1807,7 @@
 SSL_CTX *
 ssl_sock_create_cert(struct connection *conn, const char *servername, unsigned int key)
 {
-	struct bind_conf *bind_conf = objt_listener(conn->target)->bind_conf;
+	struct bind_conf *bind_conf = __objt_listener(conn->target)->bind_conf;
 
 	return ssl_sock_do_create_cert(servername, bind_conf, conn->xprt_ctx);
 }
@@ -3893,7 +3893,7 @@
 	struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
 	struct server *s;
 
-	s = objt_server(conn->target);
+	s = __objt_server(conn->target);
 
 	if (!(s->ssl_ctx.options & SRV_SSL_O_NO_REUSE)) {
 		int len;
@@ -4398,7 +4398,7 @@
 	servername = SSL_get_servername(conn->xprt_ctx, TLSEXT_NAMETYPE_host_name);
 	sni = servername;
 	if (!servername) {
-		servername = objt_server(conn->target)->ssl_ctx.verify_host;
+		servername = __objt_server(conn->target)->ssl_ctx.verify_host;
 		if (!servername)
 			return ok;
 	}
@@ -4939,7 +4939,7 @@
 
 	retry_connect:
 		/* Alloc a new SSL session ctx */
-		conn->xprt_ctx = SSL_new(objt_server(conn->target)->ssl_ctx.ctx);
+		conn->xprt_ctx = SSL_new(__objt_server(conn->target)->ssl_ctx.ctx);
 		if (!conn->xprt_ctx) {
 			if (may_retry--) {
 				pool_gc(NULL);
@@ -4974,13 +4974,13 @@
 		}
 
 		SSL_set_connect_state(conn->xprt_ctx);
-		if (objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr) {
-			const unsigned char *ptr = objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr;
-			SSL_SESSION *sess = d2i_SSL_SESSION(NULL, &ptr, objt_server(conn->target)->ssl_ctx.reused_sess[tid].size);
-			if(sess && !SSL_set_session(conn->xprt_ctx, sess)) {
+		if (__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr) {
+			const unsigned char *ptr = __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr;
+			SSL_SESSION *sess = d2i_SSL_SESSION(NULL, &ptr, __objt_server(conn->target)->ssl_ctx.reused_sess[tid].size);
+			if (sess && !SSL_set_session(conn->xprt_ctx, sess)) {
 				SSL_SESSION_free(sess);
-				free(objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr);
-				objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr = NULL;
+				free(__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr);
+				__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr = NULL;
 			} else if (sess) {
 				SSL_SESSION_free(sess);
 			}
@@ -4998,7 +4998,7 @@
 
 	retry_accept:
 		/* Alloc a new SSL session ctx */
-		conn->xprt_ctx = SSL_new(objt_listener(conn->target)->bind_conf->initial_ctx);
+		conn->xprt_ctx = SSL_new(__objt_listener(conn->target)->bind_conf->initial_ctx);
 		if (!conn->xprt_ctx) {
 			if (may_retry--) {
 				pool_gc(NULL);
@@ -5321,9 +5321,9 @@
 	ERR_clear_error();
 
 	/* free resumed session if exists */
-	if (objt_server(conn->target) && objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr) {
-		free(objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr);
-		objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr = NULL;
+	if (objt_server(conn->target) && __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr) {
+		free(__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr);
+		__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr = NULL;
 	}
 
 	/* Fail on all other handshake errors */